[Distutils] Password security

Donald Stufft donald at stufft.io
Wed Sep 4 17:31:51 CEST 2013


On Sep 4, 2013, at 11:28 AM, Nick Coghlan <ncoghlan at gmail.com> wrote:

> The *best* answer is for a service to use 2-factor authentication
> instead of relying entirely on passwords (the "physical object" Donald
> mentioned earlier), but we don't have the resources to set that up,
> and certainly can't require it for all PyPI users (since you either
> need a physical token or a phone capable of running an app like Google
> Authenticator).

PyPI will gain 2 Factor Auth support in Warehouse. It's something I feel strongly
about and am going to make it work. It obviously won't be required for the
reasons you listed, but if folks turn it on then it'll be required for their account.
Likely also projects will be able to require that their projects themselves get
modified only by an account with 2FA enabled as well.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
